[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend

On Tue, 2013-09-10 at 16:12 +0100, Ian Jackson wrote:
> Roger Pau Monne writes ("[PATCH] libxl: set permissions for xs frontend entry 
> pointing to xs backend"):
> > libxl doesn't currently set the permissions of entries like:
> > 
> > /local/domain/<domid>/device/<dev_type>/<devid>/backend
> > 
> > This allows the guest to change this xenstore entries to point to a
> > different backend path, or to malicious xenstore path forged by the
> > guest itself. libxl currently relies on this path being valid in order
> > to perform the unplug of devices in libxl__devices_destroy, so we
> > should prevent the guest from modifying this xenstore entry.
> Is it sufficient to set the permissions on "backend" - does that
> prevent the guest deleting the whole subtree ?

Yes. See the rest of this thread.

> Really it would be better to make the unplug not depend on this path.

Given the above, why?

> This is a security issue, so CCing security@.  It appears to have
> been discovered in public on xen-devel, so shouldn't be embargoed.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.